17659d1bfb366131106e5da70d5e79709c1cf36c13140a16149766050d03ba48

Analysis

max time kernel
8356s
max time network
151s
platform
debian-9_mipsel
resource
debian9-mipsel-20221111-en
resource tags

arch:mipselimage:debian9-mipsel-20221111-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
16/02/2023, 11:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

32a3f802df6e522308613dce10da49b1.elf
Size

82KB
MD5

32a3f802df6e522308613dce10da49b1
SHA1

06277f4548c7dcfe99cfa2f2fda526a76ba6eb73
SHA256

17659d1bfb366131106e5da70d5e79709c1cf36c13140a16149766050d03ba48
SHA512

4349b10fe93e4d91020abb8b244f4c40f7054f2d659b23b9d54dea57d3e9aaf8fef4a1cf950f4c5d94531d4d90b1b38c3a95fd68a1fe7ebdf287c593c54da1da
SSDEEP

1536:iVLyu95KnDkj752dCexuV/8UZlDwfkJ4MYfWK:iVLyMgGFezxu5VD1ev

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (36341) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
/proc/10/cmdline	/proc/10/cmdline	Process not Found
/proc/21/cmdline	/proc/21/cmdline	Process not Found
/proc/22/cmdline	/proc/22/cmdline	Process not Found
/proc/404/cmdline	/proc/404/cmdline	Process not Found
/proc/9/cmdline	/proc/9/cmdline	Process not Found
/proc/207/cmdline	/proc/207/cmdline	Process not Found
/proc/287/cmdline	/proc/287/cmdline	Process not Found
/proc/1/cmdline	/proc/1/cmdline	Process not Found
/proc/15/cmdline	/proc/15/cmdline	Process not Found
/proc/36/cmdline	/proc/36/cmdline	Process not Found
/proc/392/cmdline	/proc/392/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mkdir
/proc/20/cmdline	/proc/20/cmdline	Process not Found
/proc/71/cmdline	/proc/71/cmdline	Process not Found
/proc/232/cmdline	/proc/232/cmdline	Process not Found
/proc/251/cmdline	/proc/251/cmdline	Process not Found
/proc/303/cmdline	/proc/303/cmdline	Process not Found
/proc/5/cmdline	/proc/5/cmdline	Process not Found
/proc/17/cmdline	/proc/17/cmdline	Process not Found
/proc/19/cmdline	/proc/19/cmdline	Process not Found
/proc/23/cmdline	/proc/23/cmdline	Process not Found
/proc/74/cmdline	/proc/74/cmdline	Process not Found
/proc/115/cmdline	/proc/115/cmdline	Process not Found
/proc/250/cmdline	/proc/250/cmdline	Process not Found
/proc/7/cmdline	/proc/7/cmdline	Process not Found
/proc/327/cmdline	/proc/327/cmdline	Process not Found
/proc/341/cmdline	/proc/341/cmdline	Process not Found
/proc/4/cmdline	/proc/4/cmdline	Process not Found
/proc/16/cmdline	/proc/16/cmdline	Process not Found
/proc/116/cmdline	/proc/116/cmdline	Process not Found
/proc/234/cmdline	/proc/234/cmdline	Process not Found
/proc/14/cmdline	/proc/14/cmdline	Process not Found
/proc/79/cmdline	/proc/79/cmdline	Process not Found
/proc/142/cmdline	/proc/142/cmdline	Process not Found
/proc/6/cmdline	/proc/6/cmdline	Process not Found
/proc/2/cmdline	/proc/2/cmdline	Process not Found
/proc/8/cmdline	/proc/8/cmdline	Process not Found
/proc/73/cmdline	/proc/73/cmdline	Process not Found
/proc/	/proc/	Process not Found
/proc/13/cmdline	/proc/13/cmdline	Process not Found
/proc/76/cmdline	/proc/76/cmdline	Process not Found
/proc/105/cmdline	/proc/105/cmdline	Process not Found
/proc/218/cmdline	/proc/218/cmdline	Process not Found
/proc/335/cmdline	/proc/335/cmdline	Process not Found
/proc/filesystems	/proc/filesystems	mv
/proc/24/cmdline	/proc/24/cmdline	Process not Found
/proc/72/cmdline	/proc/72/cmdline	Process not Found
/proc/75/cmdline	/proc/75/cmdline	Process not Found
/proc/337/cmdline	/proc/337/cmdline	Process not Found
/proc/11/cmdline	/proc/11/cmdline	Process not Found
/proc/80/cmdline	/proc/80/cmdline	Process not Found
/proc/145/cmdline	/proc/145/cmdline	Process not Found
/proc/157/cmdline	/proc/157/cmdline	Process not Found
/proc/256/cmdline	/proc/256/cmdline	Process not Found
/proc/320/cmdline	/proc/320/cmdline	Process not Found
/proc/77/cmdline	/proc/77/cmdline	Process not Found
/proc/233/cmdline	/proc/233/cmdline	Process not Found
/proc/12/cmdline	/proc/12/cmdline	Process not Found
/proc/69/cmdline	/proc/69/cmdline	Process not Found
/proc/281/cmdline	/proc/281/cmdline	Process not Found
/proc/3/cmdline	/proc/3/cmdline	Process not Found
/proc/37/cmdline	/proc/37/cmdline	Process not Found
/proc/82/cmdline	/proc/82/cmdline	Process not Found
/proc/302/cmdline	/proc/302/cmdline	Process not Found

/tmp/32a3f802df6e522308613dce10da49b1.elf
/tmp/32a3f802df6e522308613dce10da49b1.elf
1⤵
PID:322

/bin/sh
sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/32a3f802df6e522308613dce10da49b1.elf bin/systemd; chmod 777 bin/systemd"
1⤵
PID:323
- /bin/rm
  rm -rf bin/systemd
  2⤵
  PID:325
- /bin/mkdir
  mkdir bin
  2⤵
  - Reads runtime system information
  PID:326
- /bin/mv
  mv /tmp/32a3f802df6e522308613dce10da49b1.elf bin/systemd
  2⤵
  - Reads runtime system information
  PID:328
- /bin/chmod
  chmod 777 bin/systemd
  2⤵
  PID:332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Scanning

T1046

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads